Network Server security

By default, the Derby Network Server listens only on the localhost. Clients must use the localhost host name to connect.

By default, clients cannot access the Network Server from another host. To enable connections from other hosts, set the property, or start the Network Server with the -h option in the java org.apache.derby.drda.NetworkServerControl start command.

In the following example, the server will listen only on the localhost, and clients cannot access the server from another host:

java org.apache.derby.drda.NetworkServerControl start

In the following example, the server runs on the host machine and also listens for clients from other hosts. Clients must specify the server in the URL or DataSource as

java org.apache.derby.drda.NetworkServerControl start \

To start the Network Server so that it will listen on all interfaces, start with an IP address of, as shown in the following example:

java org.apache.derby.drda.NetworkServerControl start -h

A server that is started with the -h option will listen to client requests that originate from both localhost and from other machines on the network.

However, administrative commands (for example, org.apache.derby.drda.NetworkServerControl shutdown) can run only on the host where the server was started, even if the server was started with the -h option.